Wednesday, 2016-06-22

*** markvoelker has joined #openstack-security [00:12]
*** markvoelker_ has joined #openstack-security [00:13]
*** markvoel_ has joined #openstack-security [00:15]
*** markvoelker has quit IRC [00:15]
*** markvoelker_ has quit IRC [00:19]
<openstackgerrit> Rahul U Nair proposed openstack/syntribos: Checks for Syntribos signals https://review.openstack.org/332519 [00:24]
*** austin987 has quit IRC [00:35]
*** catintheroof has joined #openstack-security [00:47]
*** edtubill has quit IRC [00:57]
*** catintheroof has quit IRC [01:07]
*** vinaypotluri has quit IRC [01:11]
*** salv-orlando has joined #openstack-security [02:00]
*** salv-orlando has quit IRC [02:07]
*** jamielennox is now known as jamielennox|away [02:16]
*** jamielennox|away is now known as jamielennox [02:17]
*** browne has quit IRC [02:21]
*** jhfeng has joined #openstack-security [02:38]
*** yuanying has quit IRC [02:46]
*** Long_yanG has joined #openstack-security [02:51]
*** LongyanG has quit IRC [02:51]
*** austin987 has joined #openstack-security [03:00]
*** jhfeng has quit IRC [03:01]
*** slacksilver has joined #openstack-security [03:09]
<slacksilver> hello [03:10]
*** jhfeng has joined #openstack-security [03:13]
*** salv-orlando has joined #openstack-security [03:14]
<slacksilver> hello [03:18]
*** slacksilver has left #openstack-security [03:21]
*** salv-orlando has quit IRC [03:21]
*** elmiko is now known as _elmiko [03:31]
*** jhfeng has quit IRC [03:41]
*** catintheroof has joined #openstack-security [03:44]
*** yuanying has joined #openstack-security [03:47]
*** dave-mcc_ has quit IRC [03:48]
*** catintheroof has quit IRC [04:02]
*** liverpooler has quit IRC [04:15]
*** liverpoo1er has quit IRC [04:15]
*** salv-orlando has joined #openstack-security [04:28]
*** salv-orlando has quit IRC [04:35]
*** rcernin has joined #openstack-security [04:56]
*** rcernin has quit IRC [05:16]
*** salv-orlando has joined #openstack-security [05:37]
*** rcernin has joined #openstack-security [05:54]
*** liverpoo1er has joined #openstack-security [05:57]
*** liverpooler has joined #openstack-security [05:57]
*** chair6 has quit IRC [06:16]
*** chair6 has joined #openstack-security [06:20]
*** salv-orl_ has joined #openstack-security [06:38]
*** salv-orlando has quit IRC [06:41]
*** archlinux_xfce4 has joined #openstack-security [06:41]
*** tesseract- has joined #openstack-security [06:47]
*** archlinux_xfce4 has quit IRC [06:57]
*** salv-orl_ has quit IRC [07:20]
*** pcaruana has joined #openstack-security [07:22]
*** unrahul has quit IRC [07:42]
*** salv-orlando has joined #openstack-security [08:14]
*** M00nr41n has joined #openstack-security [08:18]
*** dmk0202 has joined #openstack-security [08:23]
*** liverpoo1er has quit IRC [10:00]
*** liverpoo1er has joined #openstack-security [10:00]
*** sigmavirus24 is now known as sigmavirus24_awa [11:43]
*** sdake has quit IRC [11:48]
*** sdake has joined #openstack-security [12:03]
*** dave-mccowan has joined #openstack-security [12:19]
*** d0ugal has quit IRC [12:25]
*** d0ugal has joined #openstack-security [12:25]
*** aurelien has joined #openstack-security [12:27]
*** salv-orl_ has joined #openstack-security [12:39]
*** salv-orlando has quit IRC [12:41]
*** sdake has quit IRC [12:43]
*** edmondsw has joined #openstack-security [12:43]
*** jhfeng has joined #openstack-security [12:59]
*** salv-orl_ has quit IRC [13:03]
*** salv-orlando has joined #openstack-security [13:12]
*** aurelien has quit IRC [13:16]
*** _elmiko is now known as elmiko [13:18]
*** BigWillie has joined #openstack-security [13:24]
*** liverpoo1er has quit IRC [13:27]
*** liverpooler has quit IRC [13:33]
*** sdake has joined #openstack-security [13:37]
*** jmckind has joined #openstack-security [13:40]
*** woodburn has joined #openstack-security [13:50]
*** ametts has joined #openstack-security [14:01]
*** jet__08 has joined #openstack-security [14:03]
*** jhfeng has quit IRC [14:04]
<jet__08> hi [14:06]
<jet__08> hi all [14:09]
*** edtubill has joined #openstack-security [14:17]
*** sigmavirus24_awa is now known as sigmavirus24 [14:22]
*** mvaldes has joined #openstack-security [14:23]
*** jhfeng has joined #openstack-security [14:33]
*** chair6 has quit IRC [14:50]
*** chair6 has joined #openstack-security [14:50]
*** zul has quit IRC [14:54]
*** zul has joined #openstack-security [14:55]
*** unrahul has joined #openstack-security [15:02]
*** rcernin has quit IRC [15:09]
*** sdake has quit IRC [15:10]
*** agireud has quit IRC [15:10]
*** yarkot1 has quit IRC [15:10]
*** tesseract- has quit IRC [15:10]
*** yarkot1 has joined #openstack-security [15:11]
*** sdake_ has joined #openstack-security [15:11]
*** agireud has joined #openstack-security [15:11]
*** sdake has joined #openstack-security [15:18]
*** sdake_ has quit IRC [15:19]
*** pcaruana has quit IRC [15:22]
*** rcernin has joined #openstack-security [15:24]
*** ccneill has joined #openstack-security [15:25]
*** pcaruana has joined #openstack-security [15:36]
*** vinaypotluri has joined #openstack-security [15:43]
*** catintheroof has joined #openstack-security [15:49]
*** elmiko is now known as _elmiko [16:01]
*** dmk0202 has quit IRC [16:02]
*** jmckind_ has joined #openstack-security [16:23]
<openstackgerrit> Charles Neill proposed openstack/syntribos: Modifies HTTP client to use checks/signals https://review.openstack.org/331833 [16:25]
*** jmckind has quit IRC [16:26]
*** mvaldes1 has joined #openstack-security [16:30]
*** jmckind has joined #openstack-security [16:32]
*** mvaldes has quit IRC [16:33]
*** ccneill has quit IRC [16:34]
*** jmckind_ has quit IRC [16:35]
*** rcernin has quit IRC [16:40]
*** pcaruana has quit IRC [16:43]
*** jmckind_ has joined #openstack-security [16:54]
*** jmckind has quit IRC [16:57]
*** sdake_ has joined #openstack-security [17:09]
*** sdake has quit IRC [17:10]
*** rcernin has joined #openstack-security [17:20]
*** sdake_ has quit IRC [17:29]
*** ccneill has joined #openstack-security [17:42]
*** n0rma1 has joined #openstack-security [17:48]
<openstackgerrit> Charles Neill proposed openstack/syntribos: Modifies HTTP client to use checks/signals https://review.openstack.org/331833 [17:50]
*** liverpooler has joined #openstack-security [18:00]
*** salv-orlando has quit IRC [18:02]
*** salv-orlando has joined #openstack-security [18:03]
*** salv-orlando has quit IRC [18:07]
*** mvaldes1 has quit IRC [18:08]
*** jet__08 has quit IRC [18:13]
*** jmckind has joined #openstack-security [18:15]
*** browne has joined #openstack-security [18:17]
*** jmckind_ has quit IRC [18:18]
*** jmckind_ has joined #openstack-security [18:19]
*** mvaldes has joined #openstack-security [18:21]
*** jmckind has quit IRC [18:22]
<ccneill> unrahul: just read over your gist again [18:39]
<ccneill> unrahul: I like the idea of using YAML for some of this [18:39]
<ccneill> I'm just worried we'll have to create a whole DSL to be able to represent all the checks we want.. [18:40]
<ccneill> for instance, specifying the logic for determining a signal's strength in yaml seems.. difficult [18:40]
<ccneill> slug creation seems somewhat hard too [18:41]
<ccneill> e.g. HTTP_STATUS_CODE_5XX_500 would require you to specify 1) some kind of range() check to get the 5XX part, and then 2) appending the actual status code [18:41]
*** sdake has joined #openstack-security [18:47]
<ccneill> unrahul: take a look at the content type check I was working on at the bottom of this file: https://review.openstack.org/#/c/331833/7/syntribos/checks/http.py [18:47]
<ccneill> I have a feeling it would be very hard to specify some kind of logic in YAML to replicate that check [18:47]
<ccneill> :/ [18:47]
<ccneill> not impossible, just a fair amount of work [18:47]
<mvaldes> what if we use xml in place of yaml [18:48]
<ccneill> mvaldes: get out [18:48]
<ccneill> :P [18:48]
<mvaldes> ehe [18:48]
<ccneill> we *could* basically reduce all checks down to regular expressions... [18:49]
<ccneill> e.g. "Content-Type: ([a-zA-Z\-]+/[a-zA-Z\-\+]+)(; .*)" [18:50]
<ccneill> but then checks are only as comprehensible as the regexes we write [18:50]
<mvaldes> i think since this is for "custom checks" we can wait and make sure we identify real cases where we would use this [18:51]
*** n0rma1 has left #openstack-security [18:51]
<ccneill> I think arbitrary string presence is probably one of the best examples, but I'm not sure how many others we'll end up with [18:52]
<mvaldes> right [18:52]
<mvaldes> that one is probably easy to do one way or another [18:53]
<mvaldes> the problem is if something else comes up? [18:53]
<ccneill> yeah [18:55]
<ccneill> it's really how we deal with checks that take parameters outside of what we can expect to be associated with the test object [18:55]
*** sdake_ has joined #openstack-security [18:55]
<ccneill> we can easily run checks against init_resp and resp off the test object like getting the status code, but if we need to check for presence of a list of strings, we can't easily specify that in a clean way if we just want test writers to provide a list of slugs they care about [18:56]
<mvaldes> another concept like ACTION_FIELD maybe [18:56]
<mvaldes> eh [18:57]
<mvaldes> right [18:57]
<ccneill> I'm also trying to keep us from inventing a super-complicated language to make it "easier" to write tests [18:57]
<ccneill> like.. yeah, we might reduce the amount of python a test writer has to write, but they also have to learn our language [18:57]
<ccneill> which might be buggy [18:57]
<ccneill> or require a huge investment from us to make it workable [18:57]
*** sdake has quit IRC [18:58]
<ccneill> ¯\_(ツ)_/¯ [18:58]
<ccneill> the simple slug approach is appealing in some ways though... e.g. we might want to specify a sort of pipeline for this check https://review.openstack.org/#/c/332519/3/syntribos/checks/content_validity.py [19:03]
<ccneill> CONTENT_TYPE | CONTENT_VALIDITY [19:03]
<openstackgerrit> Merged openstack/syntribos: Simplified imports and added constants https://review.openstack.org/331831 [19:09]
<unrahul> ccneill: mvaldes guys, was away. [19:09]
<unrahul> ccneill: yeah.. in a way if we keep inventing things, it would be cool, but complicated. [19:09]
<unrahul> i like the pipeline approach though [19:10]
<unrahul> give all the basic building blocks of checks and give the test writer the flexibility to mix and match [19:10]
<ccneill> yep [19:10]
<ccneill> if we switch to taking Test objects in checks, we can hack the pipeline functionality by just specifying the checks in a meaningful order and having checks look at the test object for previous signals [19:11]
<ccneill> probably the simplest approach [19:11]
<ccneill> and then maybe we can further abstract it in the future [19:11]
<unrahul> hmm.. yeah.. and in a way.. i am not sure, there would be that complicated checks needed.. if it is, then it would be really custom.. [19:12]
<unrahul> aah.. i don't know.. !.. [19:14]
<ccneill> I was also thinking about another minor annoyance last night when I couldn't sleep lol [19:14]
<ccneill> we send the unfuzzed request from the template for each test type... [19:14]
<ccneill> :S [19:15]
<unrahul> :o , oh.. we don't need that.. init_req is doing that in fuzz right.. don't think we need to do that again... [19:16]
<unrahul> is mdong around.. ? [19:17]
<ccneill> right, but we don't actually preserve any state between test types [19:17]
<ccneill> soooo [19:17]
<ccneill> :( [19:17]
<ccneill> ergh [19:18]
<ccneill> maybe we could do it in the runner when we parse the template... [19:18]
<unrahul> but.. aren't we trying to avoid adding more stuff to runner..?, like a lot of things are happening in runner.. right now.. [19:19]
<ccneill> yep [19:20]
<ccneill> :\ [19:20]
*** jamielennox is now known as jamielennox|away [19:21]
<ccneill> runner's kind of a mess right now lol [19:21]
<unrahul> yeah... ideally it should be split into multiple files. [19:21]
<ccneill> yep [19:22]
<ccneill> we could also probably name things a little more intuitively [19:22]
<unrahul> yeah, get_testcase, get_tests :D [19:24]
<ccneill> >_< [19:24]
*** jmckind has joined #openstack-security [19:30]
*** sdake has joined #openstack-security [19:31]
*** jmckind__ has joined #openstack-security [19:32]
<openstackgerrit> Charles Neill proposed openstack/syntribos: added min and max severity and confidence filtering https://review.openstack.org/331868 [19:32]
*** sdake_ has quit IRC [19:33]
*** jmckind_ has quit IRC [19:33]
*** jmckind has quit IRC [19:35]
<openstackgerrit> Merged openstack/syntribos: added min and max severity and confidence filtering https://review.openstack.org/331868 [19:46]
*** sdake_ has joined #openstack-security [20:01]
*** salv-orlando has joined #openstack-security [20:04]
*** sdake has quit IRC [20:04]
*** browne has quit IRC [20:05]
*** ccneill has quit IRC [20:12]
*** jhfeng has quit IRC [20:12]
*** ccneill has joined #openstack-security [20:13]
*** jhfeng has joined #openstack-security [20:22]
*** jmckind__ has quit IRC [20:25]
*** salv-orlando has quit IRC [20:27]
*** salv-orlando has joined #openstack-security [20:28]
*** browne has joined #openstack-security [20:29]
<ccneill> hey browne: any chance you have a sec to look back over the signals CR I've been working on? really appreciate your comments recently - we're kind of bottlenecked on reviews to an extent because we have so few people working on it [20:30]
<ccneill> no worries if you're busy, but if you have a chance this week it would be super helpful [20:31]
<browne> sure i'll take a look [20:32]
<ccneill> sweet [20:32]
<ccneill> here's the link: https://review.openstack.org/#/c/331286/ [20:32]
*** jhfeng has quit IRC [20:32]
*** sdake_ has quit IRC [20:34]
*** jhfeng has joined #openstack-security [20:49]
*** jhfeng has quit IRC [20:49]
*** BigWillie has quit IRC [20:54]
*** jhfeng has joined #openstack-security [21:16]
*** edtubill has quit IRC [21:19]
*** sdake has joined #openstack-security [21:28]
*** mvaldes has quit IRC [21:32]
*** sdake_ has joined #openstack-security [21:38]
*** sdake has quit IRC [21:39]
*** sigmavirus24 is now known as sigmavirus24_awa [21:40]
<openstackgerrit> Vinay Potluri proposed openstack/syntribos: Added ssl checks based on signals https://review.openstack.org/332245 [21:46]
*** jamielennox|away is now known as jamielennox [21:48]
*** ametts has quit IRC [21:50]
<unrahul> hey ccneill: when you ran the unit tests, did you get any endpoint not set error? [21:50]
<ccneill> hmm, nope.. [21:50]
<ccneill> you have to pip install requests-mock [21:51]
<unrahul> yeah.. that i did.. [21:51]
<unrahul> maybe something with my env [21:51]
<unrahul> let me figure it out.. [21:51]
<ccneill> hmmm weird [21:51]
<unrahul> yea.. [21:51]
<ccneill> I'm working on those unittests right now, haven't seen any errors [21:51]
<openstackgerrit> Charles Neill proposed openstack/syntribos: Modifies HTTP client to use checks/signals https://review.openstack.org/331833 [21:52]
<openstackgerrit> Charles Neill proposed openstack/syntribos: Modifies HTTP client to use checks/signals https://review.openstack.org/331833 [21:58]
<openstackgerrit> Vinay Potluri proposed openstack/syntribos: Creates SynSignal and SignalHolder classes https://review.openstack.org/331286 [22:02]
<openstackgerrit> Vinay Potluri proposed openstack/syntribos: Added ssl checks based on signals https://review.openstack.org/332245 [22:02]
<unrahul> ccneill: got it working, was some shell export issue. [22:06]
<openstackgerrit> Rahul U Nair proposed openstack/syntribos: Checks for Syntribos signals https://review.openstack.org/332519 [22:13]
*** browne1 has joined #openstack-security [22:14]
*** browne has quit IRC [22:15]
<ccneill> unrahul: interesting. I've run into some weird environment variable errors when using tmux to run syntribos, don't know if you're using that but usually killing/recreating the session fixes it [22:17]
<ccneill> it only happens sporadically though [22:17]
<unrahul> yup! [22:17]
<unrahul> i exited out of tmux [22:17]
<unrahul> and things worked .. [22:17]
*** sdake has joined #openstack-security [22:21]
*** sdake_ has quit IRC [22:24]
<openstackgerrit> Mike Lange proposed openstack/security-doc: Added section for the phases of an audit. Updated link to CSA CCM https://review.openstack.org/330647 [22:30]
*** sdake_ has joined #openstack-security [22:31]
*** sdake has quit IRC [22:34]
*** jamielennox is now known as jamielennox|away [22:44]
*** sdake_ has quit IRC [22:49]
<openstackgerrit> Charles Neill proposed openstack/syntribos: Creates SynSignal and SignalHolder classes https://review.openstack.org/331286 [22:52]
*** jamielennox|away is now known as jamielennox [22:53]
*** salv-orl_ has joined #openstack-security [22:58]
*** rcernin has quit IRC [23:00]
*** salv-orlando has quit IRC [23:00]
<openstackgerrit> Charles Neill proposed openstack/syntribos: Modifies HTTP client to use checks/signals https://review.openstack.org/331833 [23:02]
*** jamielennox is now known as jamielennox|away [23:05]
*** salv-orl_ has quit IRC [23:06]
*** edmondsw has quit IRC [23:15]
*** jhfeng has quit IRC [23:23]
*** sdake has joined #openstack-security [23:24]
*** catintheroof has quit IRC [23:35]
*** ccneill has quit IRC [23:42]
*** sdake has quit IRC [23:42]
*** jamielennox|away is now known as jamielennox [23:57]
*** lmiccini has quit IRC [23:59]
